Healthcare cybersecurity carries a weight that most sectors do not. The data being protected belongs to patients at some of the most vulnerable moments of their lives, and the systems being secured are the same ones clinicians depend on to deliver care. Ransomware attacks on hospitals have delayed surgeries. Breaches have exposed mental health records. The regulatory environment under HIPAA, HITECH, and HITRUST creates compliance obligations that never stop evolving. The CISOs in this feature are protecting health systems, managed care organizations, digital health platforms, and community providers across a sector that is among the most targeted in cybersecurity, and among the least resourced to defend itself.
Anthony Alsleben — CISO and Executive Director of Information Security, CentraCare
Anthony Alsleben has served as CISO and executive director of information security at CentraCare since April 2020, where he built the health system’s information security program from the ground up, establishing the security team, creating the incident response plan and CSIRT, implementing a SOC, developing vendor management processes, and launching a vulnerability management standard and policy. Before CentraCare, he served as CIO at Carris Health and Affiliated Community Medical Centers in rural Minnesota, managing EHR transitions, network infrastructure integration, and HIPAA security policy alignment across community clinic environments. His technology career traces back to Hutchinson Technology in Hutchinson, Minnesota, where he spent more than a decade progressing from systems technician and PC standards administrator through server administration, information systems auditing, and senior systems analyst roles. That progression from manufacturing IT operations through rural healthcare CIO and into health system CISO reflects a leader whose deep operational grounding informs how he approaches security in environments where the technology has to work reliably for the communities depending on it.
Philip Ramey — CISO, HCA Healthcare
Philip Ramey joined HCA Healthcare as CISO in September 2025, bringing a career built across financial services, technology services, and healthcare risk management. Before HCA, he spent nearly five and a half years at Prudential Financial, serving as global head of IT operational risk and governance before stepping into the CISO role. Before Prudential, he was VP of IT operational risk and governance at Freddie Mac, where he built the first line of defense operational risk capability, developed comprehensive risk management and third-party risk programs, and closed three material weaknesses while reducing overhead costs by 75 percent. He spent three years as SVP and global head of engagement risk and chief compliance officer at HCL Technologies, growing the central compliance organization from 15 staff covering 10 engagements to 150 personnel covering 250 engagements. Earlier, he spent ten years at Freddie Mac as director of information security engineering and threat management, championing a managed security services integration that increased security threat visibility by 500 percent and decreased risk posture by 50 percent. He also served as VP of risk and assurance at Elsevier, building M&A security assessment programs across more than ten acquisitions. His breadth across financial services, government-sponsored enterprise security, and technology services risk now informs how he approaches the CISO mandate at one of the largest for-profit hospital operators in the United States.
Tanya Kaplun — CISO, Magellan Health
Tanya Kaplun has spent nearly ten years at Magellan Health, progressing from VP of information technology through VP of IT solutions owner, enterprise chief of staff, VP and business information security officer, VP of information technology and cybersecurity, and stepping into the CISO role in July 2025. Her path to CISO ran through business and technology leadership as much as security, giving her a grounded understanding of how Magellan’s managed care operations work before she took on full security accountability. Before Magellan, she spent two years as senior director of pharmacy operations at Aetna and more than fourteen years at Medco across entry-level programmer through senior director of enterprise client benefit and adjudication systems and senior director of the agile transformation team. That career, built across pharmacy benefit management, managed care, and health IT over more than two decades before arriving at the CISO seat, reflects a security leader whose clinical and operational context is as strong as her security governance mandate.
Peter Xenakis — CISO, Lumina Care
Peter Xenakis joined Lumina Care as CISO in August 2025, leading enterprise-wide cybersecurity, compliance, and risk management strategy for a growing multi-state national healthcare provider group. His responsibilities span HIPAA and HITECH compliance, incident response planning, threat detection, disaster recovery, security architecture across EMR and EHR platforms, cloud environments, vendor risk management, and executive reporting on cyber risk posture. Before Lumina Care, he spent three years as director of information technology and security officer at Mobile Vascular Physicians and three years as director of information technology at Allied Physicians Group, building his healthcare IT leadership foundation across physician group environments. His earlier career includes account management at an IT infrastructure services contractor, senior engineering and NOC team leadership at a managed services firm, and eight years as COO of Fuoco Technology, where he had previously founded XT Group before its acquisition. That progression from managed services and IT leadership through physician group security officer to multi-state health system CISO reflects a practitioner who built his security expertise from the operational layer upward.
Joe Vanhoorik — Deputy CISO, Fairview Health Services
Joe Vanhoorik has served as deputy CISO at Fairview Health Services since November 2024, bringing a career built across energy, retail, enterprise, and cloud security environments before landing in health system security leadership. Before Fairview, he spent six years at Accenture as director of cloud security services, leading a global cloud and security engineering organization providing CloudOps, DevOps, and security engineering services to some of Accenture’s largest business units. Before Accenture, he was enterprise security architecture leader at Cargill, security engineering leader at Target, and spent more than eight years at Great River Energy as senior security engineer and project manager. His earlier career includes network and security engineering roles at Lawson Software, Alltel Wireless, and Netco Government Services. That technical depth across energy sector security, retail security engineering following a high-profile breach environment, global cloud security leadership, and agricultural enterprise architecture gives him a cross-sector foundation that informs how he now supports security governance at a major Minnesota health system.
Pedram Kalantari — CISO, Nadia Care and Movn Health
Pedram Kalantari holds simultaneous CISO roles at Nadia Care and Movn Health, two healthcare organizations where he leads enterprise security, privacy, and compliance programs spanning HIPAA, HITRUST, SOC 2, NIST, and ISO 27001 across PHI-handling environments. At Movn Health, he chairs security governance forums, oversees vendor risk management, directs penetration testing and vulnerability management, and owns the multi-year security roadmap aligned to business growth. At Nadia Care, he leads security architecture across IAM, endpoint security, data protection, and monitoring while embedding security-by-design principles into engineering. Alongside both roles, he runs Nysa Technology, his fractional CISO practice serving healthcare companies and SMBs on compliance programs without the overhead of a full-time hire. He holds CISSP, CISA, ISO/IEC 27001:2022 Lead Auditor, and ISO/IEC 42001:2023 Lead Auditor certifications, the last covering AI management systems, reflecting a forward-looking technical credential set. His career began at Movn Health as IT manager, progressing through director of information technology and into the CISO role, and includes earlier experience at Cerner, Donnelly College, and in IT leadership at SADRA.
Healthcare Security Demands More Than Most Sectors Give It
The organizations in this feature range from a system of more than 180 hospitals to digital health startups handling PHI in distributed cloud environments. What they share is a common reality: the data they protect is sensitive in a way that is deeply personal, the regulatory obligations are unforgiving, and the threat actors targeting healthcare have learned exactly how much disruption they can cause by compromising clinical systems. The leaders in this feature are meeting that challenge across every scale of healthcare organization, and the patients depending on those systems are better protected for it.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.